Iran Cyber Attack Highlights Growing Threat, Experts Say

In recent weeks, computer hackers have attacked a Saudi Arabian oil company, a Qatari natural gas company, and several American banks. The level of damage varied, but again and again, American officials placed the blame on the same source: Iran.

When it comes to hacking skills, Iran tops few experts' lists. China and Russia have far greater capabilities. But the growing number of high-profile cyber attacks being attributed to Iran, if true, reflect the country's focus on gaining international respect in cyberspace, experts said.

“Iran has invested very heavily in its cyber warfare capabilities,” said Frank J. Cilluffo, director of the Homeland Security Policy Institute at George Washington University. "And what they lack in capability they more than make up for in intent."

The New York Times on Wednesday revealed new details of how hackers had unleashed a computer virus -- dubbed "Shamoon" -- on Saudi Aramco, a state-owned oil company, erasing data on thousands of the company's PCs. Earlier this month, Defense Secretary Leon Panetta called recent attacks on Aramco and Ras Gas, a natural gas company in Qatar, "a significant escalation of the cyber threat."

They were among the latest cyber attacks to be blamed on Iran, reflecting the country's growing investment in building its cyber muscle, experts said. Earlier this year, the Iranian government reportedly invested $1 billion to develop cyber war capabilities. Iran's authorities "welcome the presence of those hackers who are willing to work for the goals of the Islamic Republic with good will and revolutionary activities," an official with Iran's Revolutionary Guard said in an interview with an Iranian website in March.

Since then, Iran has been building its cyber capabilities so it can retaliate against another computer-based attack, according to Ilan Berman, vice president of the American Foreign Policy Council.

Berman said the recent cyber attacks attributed to Iran may have been the country's way of demonstrating that its hackers can also cause damage -- and that it is not afraid to use them.

“It’s a warning shot across the bow,” Berman said.

But the question of how the United States should respond if Iran -- or any country -- targets American interests in cyberspace are still being finalized, experts said.

The Pentagon is asking that its team of hackers be allowed to take action to defend critical U.S. computer systems, such as disabling a computer server in another country, according to The Washington Post.

During Monday's foreign policy debate, both President Barack Obama and Mitt Romney discussed how they would prevent a nuclear-armed Iran. But neither candidate mentioned how they would potentially engage with Iran on the cyber battlefield.

The recent attacks attributed to Iran should intensify debate over those rules of engagement, Cilluffo said.

"What defines an act of war in cyberspace? What is the appropriate response to a cyber attack?" Cilluffo said. "These are questions our candidates should be thinking about. We still haven't articulated a cyber deterrence strategy."

Such questions are being worked out among high-level officials in Washington, Berman said. Now, Iran has inserted itself into that discussion, he added.

“This is a conversation that’s happening, but it’s happening very much in the shadows,” Berman said.